CVEs classified under CWE-283, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2026-26016 — CVSS 8.1 (high): Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing…
CVE-2021-24501 — CVSS 8.1 (high): The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to…
CVE-2025-43882 — CVSS 7.8 (high): Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could…
CVE-2026-4269 — CVSS 7.5 (high): A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code…
CVE-2026-29788 — CVSS 7.5 (high): TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and…
CVE-2025-47940 — CVSS 7.2 (high): TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44…
CVE-2026-44707 — CVSS 6.8 (medium): Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's…
CVE-2026-44562 — CVSS 6.5 (medium): Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST…
CVE-2020-8554 — CVSS 6.3 (medium): Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to…
CVE-2025-9822 — CVSS 5.5 (medium): SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally…
CVE-2024-1853 — CVSS 5.5 (medium): Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of…
CVE-2026-27486 — CVSS 5.3 (medium): OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process…
CVE-2025-1007 — CVSS 5.3 (medium): In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the…
CVE-2026-40337 — CVSS 5.1 (medium): The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of…
CVE-2025-12815 — CVSS 4.3 (medium): An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version…
CVE-2025-36091 — CVSS 4.3 (medium): IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become…
CVE-2026-0598 — CVSS 4.2 (medium): A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not…
CVE-2023-6068 — CVSS 3.1 (low): On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in…